Lepide's Predictions for Ransomware in 2017

Unfortunately, chances are that ransomware attacks will evolve to become even more malevolent than they already have been. New strains of ransomware will explode onto the scene, with greater scope, reaping even greater rewards. Infiltration and propagation methods will be ever-more stealthy and insidious. 

For obvious reasons, ransomware has become the most popular form of malware. Ransomware developers are well-funded and tech-savvy, to say the least. They reinvest their profits into developing ransomware that is resistant to the current methods of defence. Vendors of security software will find it even harder to keep abreast in this ongoing digital arms race. To make matters much worse, Ransomware-as-a-Service (RaaS) is rapidly growing in popularity. Such schemes enable even the most technically illiterate cyber-criminals to launch their own ransomware attacks, while keeping a percentage of the profits.

In 2016, ransomware developers introduced a new and even more nefarious propagation technique, whereby victims were offered the chance to

receive the decryption key for free on the condition that they infect two other users. There's also “Fileless” ransomware to consider. This is a new variant of ransomware that leverages Microsoft’s (News - Alert) PowerShell’s scripting language to initiate the encryption process, as opposed to installing a file on your computer. This makes ransomware very hard to detect as it is hidden in the device’s memory. Fileless ransomware can also lead to more attacks, as the script is able to gather more information about the victim's computer.

Attackers are also starting to use a variety of different techniques to encourage users to pay the ransom. For example, for every hour it takes a victim to pay the ransom, a file will be deleted. Or perhaps even worse, they will threaten to expose your sensitive data, which may include embarrassing photos or a copy of your browsing history. Would they? Could they? Who knows.

It seems likely that in such a scenario more people would be willing to pay. However, since cyber-criminals often fail to deliver on their promise to provide the decryption keys, over time, less people would be willing to hand over their money. 

Of course, new forms of defence will emerge. Advanced algorithms will be developed which are able to detect and respond to behavioral patterns and anomalies. Security auditing software vendors have already developed tools that are capable of detecting file encryption instances that exceed a pre-defined threshold. For example, should X number of Y events occur over Z period of time, raise an alert or execute a custom script.  Such solutions can help stop ransomware in its tracks. As it stands, the only fool-proof method for protecting yourself against ransomware is to routinely back-up your data. This includes on-premise, offline and cloud-based backups.

But beware! New variants of ransomware are already able to exploit cloud connections and infect cloud-based backup services. As such, you will need to check that your cloud service provider has taken the necessary steps to protect themselves from infection.

Backup, buckle-up and wise-up; the war on ransomware has only just begun.